Last Updated: July 3, 2026
Welcome to INNSTRATA. Your privacy is important to us. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website https://www.innstrata.com and use our suite of software services.
We are committed to complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data privacy laws to ensure your information is handled securely, ethically, and transparently.
1. Who We Are
INNSTRATA is a comprehensive Software-as-a-Service (SaaS) platform offering advanced hospitality technology solutions for hotels and lodging businesses. Our integrated suite includes:
- Guest Management & Verification: Digital check-in, registration (InnSign), kiosk automation (Kiotel), and secure ID card verification (GuestBan).
- Marketing & Communication: Email automation and SMS guest engagement (Engage).
- Revenue & Risk Management: Dynamic pricing optimization (RateIQ) and automated chargeback mitigation (ChargeShield).
- Digital Presence: Custom hotel website development and booking engine integration (Presence).
For any privacy-related questions or data protection inquiries, you can contact us at:
📧 [email protected]
2. What Data We Collect
We collect and process the following categories of personal and operational data:
- Personal & Contact Data: Name, email address, phone number, physical address, business credentials, and payment processing details (via Stripe).
- Identity Verification Data: Information captured during guest check-in via hardware ID scanners (limited strictly to government-issued ID cards processed securely for property verification and fraud prevention).
- Digital Wallet & Pass Data: Tokenized guest interaction data associated with mobile room keys and NFC/Google Wallet pass integrations.
- Usage & Technical Data: IP address, device type, operating system, browser specifications, and user interaction metrics (via Google Analytics).
- Marketing & Communication Data: Preferences regarding email newsletters, SMS notifications, and promotional communications.
- Scheduling Data: Meeting and product demonstration booking details (via Calendly).
3. How We Collect Data
We collect data through multiple direct and automated channels:
- Direct Website Interactions: Contact forms, demo request submissions, and newsletter sign-ups.
- Software & Hardware Operations: Data input directly into our cloud platform, self-service check-in kiosks, or ID scanning terminals by hotel operators and authorized guests.
- Third-Party Integrations: Analytics tools (Google Analytics), payment processors (Stripe), and scheduling platforms (Calendly).
- Tracking Technologies: Cookies, web beacons, and session logging tools that gather anonymous traffic and performance data.
4. Why We Process Your Data
We process your personal information for the following legitimate business purposes:
- To deploy, operate, and continuously enhance our SaaS platform and hardware integrations.
- To facilitate secure payment processing, subscription billing, and chargeback defense.
- To verify guest identification cards and protect lodging properties against unlawful activity and chargeback fraud.
- To transmit operational notifications, check-in details, and promotional messages via email and SMS.
- To analyze platform usage trends, optimize system latency, and improve user experience.
- To comply with regulatory obligations, financial record-keeping laws, and valid government mandates.
5. Legal Basis for Processing (GDPR & CCPA)
Under GDPR and international privacy laws, our processing relies on the following legal foundations:
- Consent: Granted explicitly when you accept cookies, opt into marketing communications, or register for our platform services.
- Contractual Necessity: Required to fulfill software service agreements, process transactions, and provide technical support.
- Legal Obligation: Mandated for compliance with tax regulations, hospitality registration statutes, and fraud prevention requirements.
- Legitimate Interests: Essential for platform security, infrastructure maintenance, product innovation, and defending legal claims.
6. SMS Marketing & TCPA Compliance
By providing your mobile phone number, you consent to receive transactional and promotional SMS messages from INNSTRATA in accordance with TCPA and A2P 10DLC messaging standards.
Strict Privacy Guarantee: Mobile information, phone numbers, and SMS opt-in consent will never be sold, rented, or shared with third parties, affiliates, or data brokers for marketing or promotional purposes.
7. Cookies and Tracking
We utilize cookies and similar digital tracking technologies to collect anonymous usage metrics and maintain user session security. A cookie banner appears upon your initial visit to request explicit consent for non-essential cookies.
You may adjust or revoke your cookie preferences at any time via your browser settings or our site consent tool.
8. Sharing Your Data
We do not sell personal data. We only share operational data with vetted, GDPR- and CCPA-compliant third-party sub-processors strictly necessary for service delivery:
- Google Analytics: For anonymous website performance and visitor analytics.
- Stripe: For PCI-compliant payment card processing and automated billing.
- Calendly: For scheduling consultations, demos, and support sessions.
All third-party service providers operate under strict Data Processing Agreements (DPAs) requiring them to maintain confidentiality and adhere to global data security standards.
9. Data Retention & Security
We retain personal information only for as long as necessary to fulfill contractual obligations, provide software services, or satisfy legal and accounting requirements. Sensitive verification data captured via ID scanning modules is purged or anonymized according to strict property-level data retention rules.
To protect your data, we enforce rigorous enterprise-grade security controls, including:
- End-to-end TLS/HTTPS encryption for all data in transit.
- AES-256 encryption for database records and sensitive information at rest.
- Role-based administrative access controls and multi-factor authentication.
- Continuous network firewalls, intrusion monitoring, and regular security audits.
10. International Data Transfers
For clients residing within the European Economic Area (EEA), we ensure all international data transfers comply with Chapter V of the GDPR through the use of European Commission-approved Standard Contractual Clauses (SCCs) and robust data encryption.
11. Your Privacy Rights
Depending on your jurisdiction (including the EU/EEA under GDPR and California under CCPA/CPRA), you possess comprehensive data privacy rights:
- Right to Access & Portability: Request a summary or portable copy of the personal data we store about you.
- Right to Rectification: Request prompt correction of inaccurate or incomplete records.
- Right to Erasure (“Right to Be Forgotten”): Request the deletion of your personal data when processing is no longer necessary.
- Right to Restrict or Object: Ask us to limit or cease specific processing activities, including direct marketing.
- Right to Withdraw Consent: Revoke previously granted consent at any time without impacting prior lawful operations.
To exercise any of your data privacy rights, please submit a request to 📧 [email protected].
12. Changes to This Privacy Policy
We may modify this Privacy Policy periodically to reflect evolving regulatory mandates or software enhancements. The active version will always be published at https://www.innstrata.com.
We encourage administrators and visitors to review this page regularly to stay informed of our data stewardship practices.
13. Contact Us
If you have any inquiries, feedback, or compliance requests regarding this Privacy Policy or InnStrata’s data protection architecture, please reach out to our team: